General
-
Target
5c1472da063d8d58850678083dfa2e7c.exe
-
Size
120KB
-
Sample
220813-aq69yseae3
-
MD5
5c1472da063d8d58850678083dfa2e7c
-
SHA1
3ca431a654c82c6bc1007f89bfce390c53167132
-
SHA256
9e20a27d120e5c258c3046a41b2df347978c0cf4ea1a4d39b21ae0b01f2d7c33
-
SHA512
27ff00ed2fba50cb3bd271a0f972df12e8a36d16e91c89863f84507632a5e29e2b9d460aa9b0e0fa0b0bb1e85e2d5d327c7c1f1f69afc6409abea96e3efcf8cd
Static task
static1
Behavioral task
behavioral1
Sample
5c1472da063d8d58850678083dfa2e7c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5c1472da063d8d58850678083dfa2e7c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
HacKed
easralahtane.ddns.net:3973
4c1e56ee7374309d8fa12b913734d668
-
reg_key
4c1e56ee7374309d8fa12b913734d668
-
splitter
|'|'|
Targets
-
-
Target
5c1472da063d8d58850678083dfa2e7c.exe
-
Score
10/10
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-